CLAIMS 



1. A user interface for displaying processed and analyzed network data to
an end user, comprising: 

a system dashboard kept up to date with current monitoring information 
from a monitored network, said dashboard comprising: 
a network status console area; 
a network events viewing area; and 
a trend viewing area. 

2. The user interface of Claim 1, wherein said network status console
area further comprises: 

an alerts area comprising a FIFO queue of critical alerts; and 
a health monitor area showing a percentage of network traffic that does 
not violate current traffic and over a predetermined amount of time. 

3. The user interface of Claim 1, further comprising:

a tear off status console window for said end user to keep console 
window open on a desktop to monitor network status. 

4. The user interface of Claim 1, using a web page paradigm.

5. The user interface of Claim 2, wherein said user alerts are updated on 
a real-time basis. 

6. The user interface of Claim 2, wherein any of said user alerts links to 
corresponding alert details information.

7. The user interface of Claim 2, wherein the underlying traffic data of
said health monitor is updated automatically at a regular interval. 

8. The user interface of Claim 2, wherein severity alerts levels are
distinguished by color codes.



9. The user interface of Claim 1, wherein said network events viewing 
area further comprises links to any of the following: 
summary information;

information on all events; and 

policy history information; 

wherein a configurable time period is set. 

10. The user interface of Claim 9, wherein said configurable time period
comprises any of: 

a user selected date and time range; 

last two hours; 

today; 

last 24 hours;

yesterday; 

last seven days; 

this month; 

last month; and 
last three months.

11. The user interface of Claim 1, further comprising any of:

conformance events summary information containing a count of
violations for each rule/disposition pair;
violator events summary information containing a count of the number
of violations for each violating ip-address; and
target events summary information containing a count of the number of
violations for each top destination ip-address.

12. The user interface of Claim 11, wherein event summary information
links to network event details information containing details on events making
up said count.

13. The user interface of Claim 1, wherein user defined and configurable
query and report settings are stored. 

14. The user interface of Claim 1, wherein said trend viewing area further 
comprises links to network events summary information.

15. The user interface of Claim 1, wherein said trend viewing area further 
comprises a QuickWeek section, containing any of: 

a predetermined number of most frequent rule/disposition combinations 
during a past predetermined number of days;

a predetermined number of most frequent violator ip-addresses versus 
count during said past predetermined number of days; and 

a predetermined number of most frequent target ip-addresses versus 
count during said past predetermined number of days. 

16. The user interface of Claim 1, wherein the trend viewing area is user 
customizable. 

17. The user interface of Claim 1, further comprising embeddable trend 
charts into details information, said trend over a time range dynamically
configurable by said end user.

18. The user interface of Claim 17, wherein said trend charts comprise any 
of: 

policy effectiveness;

number of policy changes over time; 

event summary; 

network event details; and 

all conformance counts. 

19. The user interface of Claim 12, wherein said network event details 
information further comprises any of: 

monitoring point; 
disposition name; 
rule name;

disposition code; 
severity; 

source ip-address; 
source port;
destination ip-address; 
destination port; 
ip protocol; 
event time; and

application data. 

20. The user interface of Claim 19, wherein said application data 
comprises any of, but not limited to: 

ICMP - action code;
HTTP - URL;
FTP - Filename;
SSL - Ciphersuite, Issuer and Subject's certificate
CommonName, Certificate Status;
SSH - Authentication handshake status; and
application status code.

21. The user interface of Claim 1, further comprising protocol event details 
information in context of a particular network event to a database from which
said information is retrieved on an as-needed basis.

22. The user interface of Claim 21, wherein said protocol event details 
information further comprises data from attributes. 

23. The user interface of Claim 22, wherein said data attributes comprise 
any of, but not limited to: 

initiator credential name; 
target credential name; 
rule name for said protocol event; and 
disposition name for said protocol event. 

24. The user interface of Claim 1, further comprising alert event details
information, said information comprising any of: 

details of network event that caused alert; 
rule and disposition name that triggered alert;

log comment from corresponding disposition; 
time at which alert was generated; 

initiator ip address of the corresponding non-conformant traffic; 
target ip address of the corresponding non-conformant traffic;
an icon that links to the network event details page describing the
non-conformant network event; and
checkbox to clear alert;

25. The user interface of Claim 1, further comprising a policy update 
information area showing each time a new policy is installed, said information 
comprising: 

date of policy information; 
description of policy; and

link to English representation of said newly installed policy. 

26. The user interface of Claim 2, further comprising means for each of 
said alerts to generate an alert email, said alert email comprising any of, but
not limited to:

time said alert occurred; 

rule and disposition name that triggered alert; 
log description from said corresponding disposition; 
initiator ip address of corresponding non-conformant traffic; 
target ip address of corresponding non-conformant traffic; and
a link to network event detail, said detail describing said
non-conformant network event.

27. The user interface of Claim 26, further comprising a customer 
information area allowing said end user to configure a list of email addresses
to receive said alert email.

28. The user interface of Claim 1, further comprising means for ad-hoc 
querying by said end user. 

29. The user interface of Claim 28, wherein means for ad-hoc querying 
further comprises filtering results by, but not limited to any or all of: 

protocol of rule name; 
policy rule name;
regular expression within rule name;
disposition name of violation;
regular expression within disposition name;
source ip-address;
regular expression with source ip-address;
target ip-address;
regular expression within target ip-address;
target port; and
regular expression within target port.

30. The user interface of Claim 28, wherein means for ad-hoc querying 
further comprises an advanced search feature. 

31. The user interface of Claim 30, wherein said advanced search feature
is implemented using a dialog box. 

32. The user interface of Claim 1, further comprising informational aids, 
said information aids comprising any of: 

English language representation of policy;

rule and disposition descriptions; and 
copyright information. 

33. The user interface of Claim 32, wherein said informational aids are 
linked to by said end user when said end user places a cursor over an
appropriate field thereby displaying a tooltip of corresponding descriptions of
said fields. 

34. The user interface of Claim 33, wherein said descriptions are any of but 
not limited to:

rule descriptions; 

disposition descriptions; and 

Resolved DNS names for ip-addresses; and 

TCP and UDP service names.

35. The user interface of Claim 33, wherein said informational aids further
comprise any of: 

context sensitive help; 

36. The user interface of Claim 1, further comprising a link to generate a 
printer friendly printed page. 

37. The user interface of Claim 1, further comprising displaying time 
information in a predetermined time zone.